terraform-ibm-modules/terraform-ibm-mas

Trivy misconfig : Use High Uid


Issue: https://avd.aquasec.com/misconfig/kubernetes/general/avd-ksv-0020/

Runs with UID <= 10000
Force the container to run with user ID > 10000 to avoid conflicts with the host’s user table.

Links : https://kubesec.io/basics/containers-securitycontext-runasuser/


Check: CKV_K8S_40: "Containers should run as a high UID to avoid host conflict"

FAILED for resource: Job.mas-inst1-pipelines.mas-deploy-job
File: /chart/deploy-mas/mas-deploy/templates/01-deploy-mas.yaml:95-327

Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/bc-k8s-37

This violation cannot be fixed; please find the details below.

Even though we didn't set the UID in the Helm template of the Job YAML (which creates the pod), the pod which actually gets created will get the runAsUser injected via the OpenShift default SecurityContextConstraints.

Please find the pod YAML which has the runAsUser: https://ibm.box.com/s/cio2il1xsz6e0j2ymegchiuc4k0r6wm9
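The following is an added example, not part of the issue thread or the project's code. It shows why a static scan of the chart template fails the high-UID check while the pod that is actually admitted passes it. The manifests, container name, image and the UID `1000680000` are constructed for illustration and are not taken from the linked pod YAML.

```python
# Added example: constructed manifests, not taken from the linked pod YAML.
THRESHOLD = 10000  # AVD-KSV-0020 / CKV_K8S_40 expect runAsUser above this


def effective_uids(pod_spec):
    """Map each container name to the UID it will run as, or None if unset.

    A container-level securityContext.runAsUser overrides the pod-level one.
    """
    pod_uid = (pod_spec.get("securityContext") or {}).get("runAsUser")
    result = {}
    for kind in ("initContainers", "containers"):
        for c in pod_spec.get(kind) or []:
            uid = (c.get("securityContext") or {}).get("runAsUser")
            result[c["name"]] = pod_uid if uid is None else uid
    return result


def low_uid_containers(pod_spec, threshold=THRESHOLD):
    """Return containers whose UID is unset or not above the threshold."""
    return sorted(name for name, uid in effective_uids(pod_spec).items()
                  if uid is None or uid <= threshold)


# Pod template as a static scanner sees it in the chart: no runAsUser anywhere.
TEMPLATE_SPEC = {
    "containers": [{"name": "deploy", "image": "example.invalid/cli:1",
                    "securityContext": {"runAsNonRoot": True}}],
}

# Same pod after admission, with a UID filled in at container level
# (constructed value in the style of an OpenShift namespace UID range).
ADMITTED_SPEC = {
    "containers": [{"name": "deploy", "image": "example.invalid/cli:1",
                    "securityContext": {"runAsNonRoot": True,
                                        "runAsUser": 1000680000}}],
}

if __name__ == "__main__":
    print("template:", low_uid_containers(TEMPLATE_SPEC))
    print("admitted:", low_uid_containers(ADMITTED_SPEC))
```

To run the same check against a live pod, pass the `spec` object from `oc get pod <name> -o json` to `low_uid_containers`.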